Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/FJjxTA0Ovnty70NuClgBqBVGaVo.roa
File:                     FJjxTA0Ovnty70NuClgBqBVGaVo.roa (raw, json)
Hash identifier:          l2A6+zB4jIgckf//paBwlaTGxFz5vPI6YGcFOyScRes=
Subject key identifier:   14:98:F1:4C:0D:0E:BE:7B:72:EF:43:6E:0A:58:01:A8:15:46:69:5A
Certificate issuer:       /CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Certificate serial:       018CC6B779EB95CB8C868C61483D23F8558E
Authority key identifier: 8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/FJjxTA0Ovnty70NuClgBqBVGaVo.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203501
IP address blocks:        45.91.44.0/22 maxlen: 24
                          45.91.45.0/24 maxlen: 24
                          194.113.27.0/24 maxlen: 24
                          194.113.26.0/24 maxlen: 24
                          194.113.26.0/23 maxlen: 23
                          89.37.88.0/22 maxlen: 24
                          45.86.116.0/22 maxlen: 24
                          45.87.199.0/24 maxlen: 24
                          45.87.198.0/24 maxlen: 24
                          45.87.197.0/24 maxlen: 24
                          45.87.196.0/24 maxlen: 24
                          2a02:7040:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:79:eb:95:cb:8c:86:8c:61:48:3d:23:f8:55:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1498f14c0d0ebe7b72ef436e0a5801a81546695a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:65:a1:3f:25:35:13:3e:81:07:83:fe:c0:82:
                    27:ea:8d:0c:b5:70:6a:96:ed:3d:8f:e6:67:6d:79:
                    31:e5:17:d6:21:66:eb:29:26:61:a4:a4:34:8f:a0:
                    ae:11:ea:a1:c0:2c:fe:87:ce:08:55:aa:56:f0:a2:
                    57:81:15:fa:59:e3:fb:17:e9:ce:df:75:a3:89:0a:
                    b2:d2:a2:6b:bc:61:af:b7:c9:13:0a:59:89:e0:06:
                    79:8d:d4:da:4c:6c:af:38:02:c0:3c:d0:3c:63:bb:
                    d7:cd:5b:8c:ed:43:dc:c0:1d:ec:76:65:fd:bc:5d:
                    6c:7d:a9:7b:b8:7b:32:c7:44:40:22:3e:ca:78:4d:
                    d4:cb:e4:ee:ed:80:97:7d:66:2e:ce:38:0d:6c:5d:
                    3e:56:fa:e4:32:d9:61:b0:35:a0:df:7c:b4:c1:33:
                    d7:32:b4:a7:8d:63:46:1d:3a:8c:e4:4b:5b:cb:d2:
                    94:db:c3:9a:b5:96:c7:57:df:d6:31:1d:73:4a:df:
                    75:5d:38:33:ad:d7:9b:40:12:fb:a3:39:53:d7:54:
                    2e:62:8a:86:41:b0:14:60:e4:1c:bc:5c:fc:ef:02:
                    d5:d9:69:1f:97:fc:be:f8:3b:fd:46:8c:03:06:52:
                    c8:fa:26:0b:b8:90:81:0a:0a:a1:0c:5e:d0:b2:c8:
                    8f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:98:F1:4C:0D:0E:BE:7B:72:EF:43:6E:0A:58:01:A8:15:46:69:5A
            X509v3 Authority Key Identifier:
                keyid:8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/FJjxTA0Ovnty70NuClgBqBVGaVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.116.0/22
                  45.87.196.0/22
                  45.91.44.0/22
                  89.37.88.0/22
                  194.113.26.0/23
                IPv6:
                  2a02:7040:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:d4:5b:0d:ba:d4:b2:8b:9d:20:0e:2a:48:01:14:91:47:da:
         6e:92:ea:9c:ec:33:ec:c1:cc:82:4e:f8:d7:27:35:33:bd:4b:
         5e:74:a6:68:cb:bb:9d:2a:76:58:26:75:44:b9:e8:ba:13:58:
         d2:97:fe:c6:4d:2e:2b:80:5b:d9:2d:ab:f6:a3:54:f7:14:59:
         69:3a:22:d4:ed:38:85:fe:05:c4:60:5e:4c:05:4f:e2:ef:da:
         d8:f5:94:d1:cd:44:fa:e5:0e:d3:4d:fc:b5:60:1d:a3:26:fb:
         f3:d2:1f:86:0e:35:aa:13:5f:76:9e:a3:e1:ce:05:9f:2d:4b:
         0c:07:f5:a2:f2:83:59:0a:8c:1b:12:1f:ad:93:30:d5:f2:a3:
         b2:9e:f6:f7:a1:92:40:a6:8d:76:88:ad:60:89:9f:79:41:f2:
         ef:e0:2c:af:df:ec:ce:57:e3:9e:49:1b:83:3b:1e:61:1d:70:
         d2:9c:9b:61:20:af:9e:3a:3a:91:72:ec:f5:4d:c0:91:c6:f5:
         19:d6:06:6b:fd:31:96:34:09:43:0b:65:ad:89:12:41:d1:ad:
         d6:4d:b7:85:97:b3:5c:25:46:4b:33:d5:f9:5d:b5:ec:7a:41:
         72:64:3d:87:d6:12:0d:a0:43:09:a9:41:78:0c:b0:a4:ed:d8:
         44:43:49:ba
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzGt3nrlcuMhoxhSD0j+FWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiN2Y4MWE2ZTc4MmUyMTExODljNGYzNGU0NTliNDIyNmM3
NWY0YTYwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDk4ZjE0YzBkMGViZTdiNzJlZjQzNmUwYTU4MDFhODE1NDY2OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWWhPyU1Ez6BB4P+wIIn6o0MtXBq
lu09j+ZnbXkx5RfWIWbrKSZhpKQ0j6CuEeqhwCz+h84IVapW8KJXgRX6WeP7F+nO
33WjiQqy0qJrvGGvt8kTClmJ4AZ5jdTaTGyvOALAPNA8Y7vXzVuM7UPcwB3sdmX9
vF1sfal7uHsyx0RAIj7KeE3Uy+Tu7YCXfWYuzjgNbF0+VvrkMtlhsDWg33y0wTPX
MrSnjWNGHTqM5Etby9KU28OatZbHV9/WMR1zSt91XTgzrdebQBL7ozlT11QuYoqG
QbAUYOQcvFz87wLV2Wkfl/y++Dv9RowDBlLI+iYLuJCBCgqhDF7QssiP1QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBSY8UwNDr57cu9DbgpYAagVRmlaMB8GA1UdIwQY
MBaAFIt/gabnguIRGJxPNORZtCJsdfSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUt
ZjJmNDI2ZWZlMDM5LzEvRkpqeFRBME92bnR5NzBOdUNsZ0JxQlZHYVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUtZjJmNDI2ZWZlMDM5
LzEvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCLVZ0AwQC
LVfEAwQCLVssAwQCWSVYAwQBwnEaMA4EAgACMAgDBgAqAnBA/zANBgkqhkiG9w0B
AQsFAAOCAQEAhtRbDbrUsoudIA4qSAEUkUfabpLqnOwz7MHMgk741yc1M71LXnSm
aMu7nSp2WCZ1RLnouhNY0pf+xk0uK4Bb2S2r9qNU9xRZaToi1O04hf4FxGBeTAVP
4u/a2PWU0c1E+uUO0038tWAdoyb789Ifhg41qhNfdp6j4c4Fny1LDAf1ovKDWQqM
GxIfrZMw1fKjsp7296GSQKaNdoitYImfeUHy7+Asr9/szlfjnkkbgzseYR1w0pyb
YSCvnjo6kXLs9U3Akcb1GdYGa/0xljQJQwtlrYkSQdGt1k23hZezXCVGSzPV+V21
7HpBcmQ9h9YSDaBDCalBeAywpO3YRENJug==
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:48:59 2024 by rpki-client on console-fra.rpki-client.org